Splunk Search

Community Activity

Join two seaches with a range time Hello there. I have reading some answers similar to mine, but none of them fit with what I have in mind. I have two... by slorente Explorer in Splunk Search 11-30-2018 0 2	0	2
Reset_after command not working for resetting values of multiple columns Reset_after command not working for resetting value of multiple columns. I am using below command (replace @ symbol ... by sahil237888 Path Finder in Splunk Search 11-30-2018 0 0	0	0
Need help with REST API & SDK We are using Splunk Cloud. How can I access REST API? Do I need to request to enable REST API? by splunkusr9 New Member in Splunk Search 11-30-2018 0 1	0	1
How do you make a count based on multiple fields? index=syslog \| eval length=len(field1) \| where length > 100 \| table field1,field2 I want to create a search that, i... by rotundwizard Explorer in Splunk Search 11-30-2018 0 1	0	1
Need some clarification on search-time _meta field extraction. I have got a question about using _meta fields in the /opt/splunkforwarder/etc/system/local/inputs.conf of a Splunk ... by AndreAtNN New Member in Splunk Search 11-29-2018 0 4	0	4
Why can't I do an eval with a rest call in a subsearch? Hi there, I'm trying to add a column to my base search that is the user currently logged into Splunk. This is a code... by nick405060 Motivator in Splunk Search 11-29-2018 0 5	0	5
Network file permission error (-5000) when starting Splunk enterprise Recently installed Enterprise 60d trial from the Splunk website download on OS X and first, and subsequent startup in... by mikeah21 Explorer in Splunk Search 11-29-2018 2 3	2	3
field extraction from some multivalued fields seperated by comma Log event x: This is the name of the group#2 target(s) [name3] Log event y: This is the name of the group#1 target(s)... by christythomas Explorer in Splunk Search 11-29-2018 0 2	0	2
How do you show unique downloads and their location using the geomap command? I am trying to show unique downloads and their location using the geomap command. Without geomap, my download query ... by mistydennis Communicator in Splunk Search 11-29-2018 0 2	0	2
Make my splunk query more performetric or efficient I have write the below query , Can someone rewrite the query in more efficient way. Basically I am trying to see bre... by saifullakhalid Explorer in Splunk Search 11-29-2018 1 5	1	5
Creating new field on each regex match Hello Splunk Community! As I am quite new to Splunk/Regex, I've got a silly question that may be simple for you: I ... by llacoste Path Finder in Splunk Search 11-29-2018 0 3	0	3
Suitable Sourcetype for uploading a file in json format Hello, I am parsing a file in JSON format to splunk entrprise but the sourcetype is not selected automatically, when ... by dinaabdelhakam Path Finder in Splunk Search 11-29-2018 0 1	0	1
How do you make a regex to remove a string from file path in inputs.conf? I want to change a source by removing a "hostname" from file path (string) using inputs.conf Currently, the source i... by meet_vadaria Engager in Splunk Search 11-29-2018 0 8	0	8
Please see the followings outputs. Data is there which is confirmed using outputtext command but it is not getting displayed as shown in 1st picture. by a_m_s Explorer in Splunk Search 11-29-2018 0 0	0	0
How do you make a regex to extract the following value? Hi, I want to extract a value from the following line: systemGuid=9516e36a-e5e9-4ec5-a449-edcaeb5f227f, I need th... by abhishekgandhe Explorer in Splunk Search 11-29-2018 0 3	0	3
Custom Search Command - Can I emit multiple records for each input record? I'm have a custom command that parses an input field in each given record and emits 0 to N records as its output. I'm... by kmarx Explorer in Splunk Search 11-29-2018 0 0	0	0
Help on stats and on regex in a same query hello I use the code below index="windows-wmi" (sourcetype="WMI:LastLogon" OR sourcetype="WMI:LastReboot") \| dedup h... by jip31 Motivator in Splunk Search 11-28-2018 0 8	0	8
Is there an alternative to the Appendcol command? Need help!!! I am intending to make a table with the country wise sum(percent90). If i do the below, it will just su... by VI371887 Path Finder in Splunk Search 11-28-2018 0 5	0	5
How do I do maths with the results of a search for the results that I'm actually after I have a search similar to this that gets me stats that are the first step in what I'm after: index=balloons \| stats... by ruiner314 New Member in Splunk Search 11-28-2018 0 4	0	4
Why can't I search in Splunk ? "Splunk cannot authenticate the request CSRF validation failed" I can no longer search anything on any local splunk instance from my firefox browser. Firefox + plugins Splunk 6.5.... by maraman_splunk Splunk Employee in Splunk Search 11-28-2018 0 2	0	2
How to search events with matching IP addresses from two different indexes? Is there any way I can match an IP address from two different Indexes & provide a result? For Example: If there is a... by vinay_kadagave Explorer in Splunk Search 11-28-2018 1 9	1	9
Impossible not to use a join: Prove me wrong Hi, I have a situation in which I cannot think of any other way to do it besides using a join. This is less than ide... by mrstrozy Path Finder in Splunk Search 11-28-2018 0 4	0	4
How do I skip words in a field extraction? I am working two extract fields and I have the following two lines: "ActionName processing for AccountName completed... by aohls Contributor in Splunk Search 11-28-2018 0 2	0	2
How do you write a Regular expression in props.conf for only one field? Hi All, How do I write a regular expression in props.conf for only one field ? like rex field=ab "regex" thanks Ra... by rakeshksingh New Member in Splunk Search 11-28-2018 0 7	0	7
How to provide permissions for kvstore lookups? I am setting up permissions for kv store collections. I tried to give permission in local.meta in my app for all the ... by spyme72 Path Finder in Splunk Search 11-28-2018 1 8	1	8